Description
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Adversarial Robustness Toolbox (ART) version 1.20.1 (and earlier) contains a flaw in its Kubeflow component that uses the built‑in eval() function to interpret user‑supplied strings as code for LossFn and Optimizer parameters without any sanitization. An attacker who can supply a crafted string will cause eval() to execute arbitrary Python code during model evaluation, resulting in remote code execution and full compromise of the host system running ART.

Affected Systems

The vulnerability affects installations of ART through version 1.20.1 that include the Kubeflow component. Environments that integrate ART 1.20.1 or earlier and expose the Kubeflow interface for loss or optimizer configuration are at risk.

Risk and Exploitability

The CVSS score of 9.8 marks this as critical and the EPSS score of < 1% indicates a low but non‑zero probability of exploitation. Because eval() lacks any protective controls, an attacker who can provide a malicious string—such as through a configured Kubeflow endpoint—can hijack the service and achieve total compromise without needing further privileges. The flaw is not listed in CISA’s KEV catalog, yet its high severity and the ease of exploitation make it a high‑risk vulnerability that should be remediated immediately.

Generated by OpenCVE AI on May 13, 2026 at 18:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the ART project repository or release notes for an updated version that addresses the unsafe eval usage, and upgrade if available.
  • If an upgrade is not feasible, restrict the Accepted LossFn and Optimizer inputs to a whitelist of known safe functions or sanitize the strings to prevent arbitrary code execution.
  • Disable or isolate the Kubeflow component until a patch is applied, or run ART within a container that has minimal privileges to contain any potential compromise.

Generated by OpenCVE AI on May 13, 2026 at 18:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unsanitized eval in ART Kubeflow Component

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Trusted-ai
Trusted-ai adversarial-robustness-toolbox
Vendors & Products Trusted-ai
Trusted-ai adversarial-robustness-toolbox

Tue, 12 May 2026 18:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unsanitized eval in ART Kubeflow Component
Weaknesses CWE-94

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
Description The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.
References

Subscriptions

Trusted-ai Adversarial-robustness-toolbox
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-13T14:10:16.244Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31228

cve-icon Vulnrichment

Updated: 2026-05-13T14:10:06.119Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T16:16:14.633

Modified: 2026-05-13T15:52:25.637

Link: CVE-2026-31228

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T18:30:46Z

Weaknesses